catalyst-os 3.0.2 → 3.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -154,6 +154,15 @@ function install() {
154
154
  console.log(` ${green}✓${reset} Installed .catalyst/spec-structure.yaml`);
155
155
  }
156
156
 
157
+ // Framework-owned document templates (roadmap, dashboard, mission, etc.):
158
+ // always refresh — the commands read these to generate .catalyst/main docs.
159
+ const tempSrc = path.join(src, '.catalyst', 'main', 'temp');
160
+ const tempDest = path.join(catalystDir, 'main', 'temp');
161
+ if (fs.existsSync(tempSrc)) {
162
+ copyDir(tempSrc, tempDest);
163
+ console.log(` ${green}✓${reset} Installed .catalyst/main/temp/ (doc templates)`);
164
+ }
165
+
157
166
  // User-owned config: create ONLY if missing — never clobber a customized
158
167
  // project-config.yaml (branch settings, voice.language, agent_id, etc.) on update.
159
168
  const pcDest = path.join(cwd, '.catalyst/main/project-config.yaml');
@@ -0,0 +1,188 @@
1
+ # Architecture
2
+
3
+ > Analysis Date: YYYY-MM-DD
4
+ > Update when: Major architectural changes, new patterns introduced
5
+
6
+ ## Overview
7
+
8
+ Brief description of the system architecture (2-3 sentences).
9
+
10
+ ---
11
+
12
+ ## Conceptual Layers
13
+
14
+ ```
15
+ ┌─────────────────────────────────────┐
16
+ │ Presentation │ ← UI, API routes
17
+ ├─────────────────────────────────────┤
18
+ │ Application │ ← Use cases, orchestration
19
+ ├─────────────────────────────────────┤
20
+ │ Domain │ ← Business logic, entities
21
+ ├─────────────────────────────────────┤
22
+ │ Infrastructure │ ← DB, external services
23
+ └─────────────────────────────────────┘
24
+ ```
25
+
26
+ | Layer | Location | Responsibility |
27
+ |-------|----------|----------------|
28
+ | Presentation | `src/app/`, `src/api/` | HTTP handlers, UI components |
29
+ | Application | `src/services/` | Use case orchestration |
30
+ | Domain | `src/domain/`, `src/types/` | Business rules, entities |
31
+ | Infrastructure | `src/lib/`, `src/db/` | External integrations |
32
+
33
+ ---
34
+
35
+ ## Data Flow
36
+
37
+ ### Request Lifecycle
38
+
39
+ ```
40
+ HTTP Request
41
+
42
+ Route Handler (`src/api/[route]/route.ts`)
43
+
44
+ Middleware (auth, validation)
45
+
46
+ Service (`src/services/*.ts`)
47
+
48
+ Repository (`src/db/*.ts`)
49
+
50
+ Database
51
+
52
+ Response transformation
53
+
54
+ HTTP Response
55
+ ```
56
+
57
+ ### State Management (Frontend)
58
+
59
+ | State Type | Solution | Location |
60
+ |------------|----------|----------|
61
+ | Server state | React Query / SWR | `src/hooks/queries/` |
62
+ | Client state | Zustand / Context | `src/stores/` |
63
+ | Form state | React Hook Form | Component-level |
64
+ | URL state | Next.js router | `searchParams` |
65
+
66
+ ---
67
+
68
+ ## Key Patterns
69
+
70
+ ### Pattern: Repository
71
+
72
+ **Purpose**: Abstract database access
73
+ **Location**: `src/db/repositories/`
74
+
75
+ ```typescript
76
+ // Example: src/db/repositories/user.ts
77
+ export const userRepository = {
78
+ findById: (id: string) => db.user.findUnique({ where: { id } }),
79
+ create: (data: CreateUserInput) => db.user.create({ data }),
80
+ };
81
+ ```
82
+
83
+ ### Pattern: Service Layer
84
+
85
+ **Purpose**: Business logic orchestration
86
+ **Location**: `src/services/`
87
+
88
+ ```typescript
89
+ // Example: src/services/auth.ts
90
+ export async function login(email: string, password: string) {
91
+ const user = await userRepository.findByEmail(email);
92
+ if (!user || !verifyPassword(password, user.passwordHash)) {
93
+ throw new AuthError('Invalid credentials');
94
+ }
95
+ return generateTokens(user);
96
+ }
97
+ ```
98
+
99
+ ### Pattern: [Add more patterns found]
100
+
101
+ ---
102
+
103
+ ## Entry Points
104
+
105
+ ### HTTP API
106
+
107
+ | Entry Point | Location | Purpose |
108
+ |-------------|----------|---------|
109
+ | REST API | `src/app/api/` | Main API routes |
110
+ | Webhooks | `src/app/api/webhooks/` | External service callbacks |
111
+
112
+ ### Background Jobs
113
+
114
+ | Entry Point | Location | Purpose |
115
+ |-------------|----------|---------|
116
+ | Cron jobs | `src/jobs/` | Scheduled tasks |
117
+ | Queue workers | `src/workers/` | Async processing |
118
+
119
+ ### CLI
120
+
121
+ | Entry Point | Location | Purpose |
122
+ |-------------|----------|---------|
123
+ | Scripts | `scripts/` | Dev/admin utilities |
124
+
125
+ ---
126
+
127
+ ## Cross-Cutting Concerns
128
+
129
+ ### Authentication
130
+
131
+ ```
132
+ Request → Auth Middleware → Verify JWT → Attach user to context → Handler
133
+ ```
134
+
135
+ - **Implementation**: `src/middleware/auth.ts`
136
+ - **Token storage**: httpOnly cookies
137
+ - **Session management**: JWT with refresh tokens
138
+
139
+ ### Error Handling
140
+
141
+ ```
142
+ Error thrown → Error boundary/middleware → Log → Format response → Client
143
+ ```
144
+
145
+ - **Error types**: `src/lib/errors.ts`
146
+ - **Error middleware**: `src/middleware/error.ts`
147
+ - **Client format**: `{ error: { code, message, details? } }`
148
+
149
+ ### Logging
150
+
151
+ - **Library**: [pino / winston / console]
152
+ - **Format**: JSON structured logs
153
+ - **Levels**: error, warn, info, debug
154
+ - **Location**: `src/lib/logger.ts`
155
+
156
+ ---
157
+
158
+ ## Key Files Reference
159
+
160
+ | Purpose | File |
161
+ |---------|------|
162
+ | Database client | `src/lib/db.ts` |
163
+ | Auth middleware | `src/middleware/auth.ts` |
164
+ | API error handler | `src/middleware/error.ts` |
165
+ | Type definitions | `src/types/index.ts` |
166
+ | Environment config | `src/lib/env.ts` |
167
+
168
+ ---
169
+
170
+ ## Diagrams
171
+
172
+ ### System Context (if applicable)
173
+
174
+ ```
175
+ ┌──────────┐ ┌──────────┐ ┌──────────┐
176
+ │ Client │────▶│ API │────▶│ DB │
177
+ └──────────┘ └──────────┘ └──────────┘
178
+
179
+
180
+ ┌──────────┐
181
+ │ External │
182
+ │ Services │
183
+ └──────────┘
184
+ ```
185
+
186
+ ---
187
+
188
+ *Last updated: YYYY-MM-DD*
@@ -0,0 +1,225 @@
1
+ # Concerns
2
+
3
+ > Analysis Date: YYYY-MM-DD
4
+ > Update when: Issues fixed, new concerns discovered
5
+
6
+ ## Summary
7
+
8
+ | Severity | Count | Status |
9
+ |----------|-------|--------|
10
+ | Critical | 0 | - |
11
+ | High | 0 | - |
12
+ | Medium | 0 | - |
13
+ | Low | 0 | - |
14
+
15
+ ---
16
+
17
+ ## Critical Issues
18
+
19
+ Issues that could cause data loss, security breaches, or system failures.
20
+
21
+ ### [CRIT-001] Issue Title
22
+
23
+ **Location**: `src/path/to/file.ts:123`
24
+ **Severity**: Critical
25
+ **Type**: Security / Data Loss / System Failure
26
+
27
+ **Description**:
28
+ What the issue is and why it's critical.
29
+
30
+ **Evidence**:
31
+ ```typescript
32
+ // Code snippet showing the issue
33
+ ```
34
+
35
+ **Impact**:
36
+ What could happen if not addressed.
37
+
38
+ **Recommended Fix**:
39
+ How to resolve the issue.
40
+
41
+ **Safe Modification**: No - requires careful migration
42
+
43
+ ---
44
+
45
+ ## High Priority
46
+
47
+ Issues that affect functionality or could become critical.
48
+
49
+ ### [HIGH-001] Issue Title
50
+
51
+ **Location**: `src/path/to/file.ts:45`
52
+ **Severity**: High
53
+ **Type**: Bug / Performance / Tech Debt
54
+
55
+ **Description**:
56
+ Clear description of the issue.
57
+
58
+ **Evidence**:
59
+ ```typescript
60
+ // Code snippet or metrics
61
+ ```
62
+
63
+ **Impact**:
64
+ How this affects users or system.
65
+
66
+ **Recommended Fix**:
67
+ Steps to resolve.
68
+
69
+ **Safe Modification**: Yes - isolated change
70
+
71
+ ---
72
+
73
+ ## Medium Priority
74
+
75
+ Issues that should be addressed but aren't urgent.
76
+
77
+ ### [MED-001] N+1 Query in User List
78
+
79
+ **Location**: `src/api/users/route.ts:34`
80
+ **Severity**: Medium
81
+ **Type**: Performance
82
+
83
+ **Description**:
84
+ User list endpoint loads related data in a loop instead of using a join.
85
+
86
+ **Evidence**:
87
+ ```typescript
88
+ // Current: N+1 queries
89
+ const users = await db.user.findMany();
90
+ for (const user of users) {
91
+ user.profile = await db.profile.findUnique({ where: { userId: user.id } });
92
+ }
93
+
94
+ // Should be: Single query with include
95
+ const users = await db.user.findMany({
96
+ include: { profile: true }
97
+ });
98
+ ```
99
+
100
+ **Impact**:
101
+ ~50ms per user → 5s for 100 users
102
+
103
+ **Recommended Fix**:
104
+ Use Prisma `include` for eager loading.
105
+
106
+ **Safe Modification**: Yes - same result, better performance
107
+
108
+ ---
109
+
110
+ ## Low Priority
111
+
112
+ Nice-to-fix items, minor tech debt.
113
+
114
+ ### [LOW-001] Issue Title
115
+
116
+ **Location**: `src/path/to/file.ts`
117
+ **Severity**: Low
118
+ **Type**: Tech Debt / Code Quality
119
+
120
+ **Description**:
121
+ Brief description.
122
+
123
+ **Recommended Fix**:
124
+ What to do when time permits.
125
+
126
+ ---
127
+
128
+ ## Tech Debt Inventory
129
+
130
+ Accumulated shortcuts and workarounds.
131
+
132
+ | ID | Location | Description | Added | Effort |
133
+ |----|----------|-------------|-------|--------|
134
+ | TD-001 | `src/lib/legacy.ts` | Old auth system still in use | 2024-06 | High |
135
+ | TD-002 | `src/utils/helpers.ts` | Duplicate utility functions | 2024-08 | Low |
136
+
137
+ ---
138
+
139
+ ## Fragile Areas
140
+
141
+ Code sections that break easily or have poor test coverage.
142
+
143
+ ### `src/services/payment.ts`
144
+
145
+ **Why Fragile**:
146
+ - Complex state machine with many edge cases
147
+ - External API dependency with inconsistent responses
148
+ - Only 40% test coverage
149
+
150
+ **Safe Modification Guide**:
151
+ 1. Always test with sandbox API
152
+ 2. Check all state transitions
153
+ 3. Verify webhook handling
154
+
155
+ **Recent Breakages**:
156
+ - 2024-12-01: Webhook signature validation failed after API update
157
+ - 2024-11-15: Race condition in concurrent payments
158
+
159
+ ---
160
+
161
+ ## Known Bugs
162
+
163
+ Documented issues not yet fixed.
164
+
165
+ | ID | Description | Location | Workaround | Priority |
166
+ |----|-------------|----------|------------|----------|
167
+ | BUG-001 | Login redirect fails on Safari | `src/lib/auth.ts` | Use Chrome | Medium |
168
+ | BUG-002 | Date picker shows wrong timezone | `src/components/DatePicker.tsx` | Manual adjustment | Low |
169
+
170
+ ---
171
+
172
+ ## Security Notes
173
+
174
+ Security-related observations (no secrets!).
175
+
176
+ | Area | Status | Notes |
177
+ |------|--------|-------|
178
+ | Input validation | Partial | Missing on admin endpoints |
179
+ | Auth | Good | JWT with refresh tokens |
180
+ | CORS | Good | Configured for known origins |
181
+ | Rate limiting | Missing | Needed on public endpoints |
182
+ | Secrets management | Good | Using environment variables |
183
+
184
+ **Action Items**:
185
+ - [ ] Add validation middleware to admin routes
186
+ - [ ] Implement rate limiting on `/api/auth/*`
187
+
188
+ ---
189
+
190
+ ## Flaky Tests
191
+
192
+ Tests that fail intermittently.
193
+
194
+ | Test | Location | Failure Rate | Cause |
195
+ |------|----------|--------------|-------|
196
+ | `should handle concurrent requests` | `tests/api/users.test.ts:45` | ~10% | Race condition in mock |
197
+ | `should timeout after 5s` | `tests/services/external.test.ts:78` | ~5% | CI timing variations |
198
+
199
+ ---
200
+
201
+ ## Dependencies to Watch
202
+
203
+ Packages that need attention.
204
+
205
+ | Package | Current | Latest | Notes |
206
+ |---------|---------|--------|-------|
207
+ | react | 18.2.0 | 19.0.0 | Major upgrade, breaking changes |
208
+ | prisma | 5.0.0 | 5.8.0 | Security patches available |
209
+ | next | 14.0.0 | 14.1.0 | Recommended update |
210
+
211
+ ---
212
+
213
+ ## Improvement Opportunities
214
+
215
+ Not bugs, but areas that could be better.
216
+
217
+ | Area | Current State | Ideal State | Effort |
218
+ |------|---------------|-------------|--------|
219
+ | Error messages | Generic | User-friendly with actions | Medium |
220
+ | Loading states | Spinner only | Skeleton screens | Low |
221
+ | Caching | None | Redis for hot data | High |
222
+
223
+ ---
224
+
225
+ *Last updated: YYYY-MM-DD*